KRA Issues Urgent Alert After Official X Account Hacked and Renamed “StandsX”
The Kenya Revenue Authority (KRA) has issued a public warning following a major cybersecurity breach involving its official X (formerly Twitter) account, @KRACare. The account was reportedly hacked and renamed to “StandsX”, prompting immediate concern among taxpayers and online users who rely on the platform for real-time customer support and tax-related updates.
StandX Bonus is live!
Deposited in the last 72 hours? You're eligible—don't wait!
According to a statement released by the Authority, the hacking incident poses a significant risk of fraudulent messages, scams, and data theft, as the compromised account may attempt to deceive unsuspecting users. Members of the public have been strongly advised not to engage, share personal details, or send money in response to any messages or posts from the hacked handle.
KRA confirmed that its technical and cybersecurity teams have launched urgent efforts in collaboration with X (formerly Twitter) to retrieve and secure the compromised account. The Authority emphasized that official communication will only be made through verified KRA channels until the issue is fully resolved.
“We are aware that our official X handle, @KRACare, has been compromised and renamed ‘StandsX’. Members of the public are warned not to engage with any posts or messages from the account as they are fraudulent,” the KRA stated.
The official @KRACare X (formerly Twitter) account has been hacked and its handle changed to “StandsX”. Members of the public are strongly warned not to engage, share personal information, or send money to any messages or posts from this account, as they are fraudulent. The Kenya… pic.twitter.com/ZmoFsJp3S7
The incident underscores growing concerns over cybersecurity threats targeting government agencies and public institutions. In recent months, several verified accounts in Kenya have been compromised, leading to the spread of misinformation and phishing scams.
KRA’s swift response highlights the seriousness of the situation, as the Authority’s social media platforms play a critical role in public communication, especially during peak tax seasons. The @KRACare account, in particular, is widely used by Kenyans to seek assistance on tax filing, registration, and compliance issues.
The Authority assured the public that no taxpayer data has been compromised through the social media hack. However, users are urged to remain cautious and verify the authenticity of any messages before taking action.
Public Urged to Use Verified Contact Channels
To ensure continued access to customer service, KRA has urged taxpayers to use alternative official platforms while the @KRACare account remains under investigation. These include:
The Authority also reminded users to look out for the blue verification checkmark on all official KRA social media accounts to avoid falling victim to impersonation or scams.
“Official updates regarding this incident will be communicated through verified KRA channels. We appreciate the public’s patience and vigilance as we work with X to restore our official handle,” the statement added.
Cybersecurity Experts Weigh In
Cybersecurity analysts have warned that social media platforms have become prime targets for hackers, often seeking to exploit verified accounts for financial scams or disinformation. Once compromised, such accounts can be used to promote fake giveaways, phishing links, or fraudulent payment requests.
Experts recommend that both organizations and individuals implement two-factor authentication (2FA), regularly update passwords, and monitor for unauthorized logins to minimize risks.
Public Advised to Stay Alert
As investigations continue, KRA is urging all Kenyans to remain vigilant online. Users are reminded that the Authority does not request personal or financial information via direct messages on social media. Any suspicious activity or messages claiming to represent KRA should be reported immediately through the official customer care channels.
The hacking of KRA’s @KRACare account serves as a stark reminder of the growing cyber threats facing public institutions. It also reinforces the need for enhanced digital security measures to protect both government entities and citizens from fraudsters exploiting trusted platforms.
